server
/
kratos-utils


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125
							package common

import (
	"encoding/json"
	"errors"
	"time"

	jwtgo "github.com/dgrijalva/jwt-go"
)

//JWT secret:加密秘钥
// expire:过期时间,单位为秒
type JWT struct {
	secret []byte
	expire int64
}

type CustomClaims struct {
	AccountId string          `json:"id"`
	Claims    json.RawMessage `json:"claims,omitempty"`
	jwtgo.StandardClaims
}

var (
	DefaultJWT      *JWT
	ErrTokenExpired = errors.New("token expired")
	ErrTokenInvalid = errors.New("token invalid")
)

const (
	jwtHeader = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"
)

func InitJWT(secret string, expire int64) {
	DefaultJWT = NewJWT(secret, expire)
}

func NewJWT(secret string, expire int64) *JWT {
	var j = new(JWT)
	j.secret = []byte(secret)
	j.expire = expire
	return j
}

func (j *JWT) NewToken(accountID string, claimMap json.RawMessage) (token string, tokenExpire int64, err error) {
	expireAt := time.Now().Add(time.Duration(j.expire) * time.Second).Unix()
	claims := CustomClaims{
		AccountId: accountID,
		Claims:    claimMap,
		StandardClaims: jwtgo.StandardClaims{
			ExpiresAt: expireAt,
			//Id:        utils.GetUUIDNoDash(),
		},
	}
	t := jwtgo.NewWithClaims(jwtgo.SigningMethodHS256, claims)
	token, err = t.SignedString(j.secret)
	if err != nil {
		return
	}
	token = token[37:]
	tokenExpire = claims.ExpiresAt
	return
}

func (j *JWT) Parse(jwtString string) (userId string, expiresAt int64, claimMap json.RawMessage, err error) {
	jwtString = jwtHeader + "." + jwtString
	token, err := jwtgo.ParseWithClaims(jwtString, &CustomClaims{}, func(token *jwtgo.Token) (interface{}, error) {
		return j.secret, nil
	})
	if err != nil {
		if ve, ok := err.(*jwtgo.ValidationError); ok {
			if ve.Errors == jwtgo.ValidationErrorExpired {
				err = ErrTokenExpired
			}
		}
		return
	}
	if claims, ok := token.Claims.(*CustomClaims); ok {
		userId = claims.AccountId
		expiresAt = claims.StandardClaims.ExpiresAt
		claimMap = claims.Claims
		if token.Valid {
			return
		}
	}
	err = ErrTokenInvalid
	return
}

//func (j *JWT) RevokeToken(sess string) error {
//	return j.adapter.Revoke(sess)
//}

//type JWTSessionAdapter interface {
//	//Validate(sessID, accountID string) bool
//	//Store(sessID, accountID, refreshToken string) error
//	//Revoke(sessID string) error
//	//GenerateSess() (string, error)
//}
//
//var ErrSessionInvalid = errors.New("session invalid")
//
//type DefaultJWTSessionAdatper struct {
//}
//
//func NewDefaultAdapter() *DefaultJWTSessionAdatper {
//	return &DefaultJWTSessionAdatper{}
//}
//
//func (a *DefaultJWTSessionAdatper) Store(sess, accountID, refreshToken string) error {
//	return nil
//}
//
//func (a *DefaultJWTSessionAdatper) Validate(sess, accountID string) bool {
//	return true
//
//}
//
//func (a *DefaultJWTSessionAdatper) Revoke(sess string) error {
//	return nil
//}
//
//func (a *DefaultJWTSessionAdatper) GenerateSess() (string, error) {
//	return utils.GetUUID(), nil
//}